<?php 
// Load config.php (per the original comment, this is where the MySQL
// connection is set up), then start or resume the visitor's session so
// $_SESSION["customer"] is available to the code below.
require "config.php";
session_start();
?>
<?php 
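// Handle the "edit details" form post: update the logged-in customer's row
// and redirect back to the account page.
//
// NOTE(review): no anti-CSRF token is checked before the UPDATE, so any
// cross-site POST made with the visitor's session cookie would be accepted.
// NOTE(review): the mysql_* extension was removed in PHP 7, and
// mysql_real_escape_string() is only reliable when the connection charset is
// set correctly. Prepared statements (mysqli/PDO) are the durable fix, but
// that depends on how config.php opens the connection.
if (isset($_POST['f_name'])) {
	// Escape every submitted field for use inside a quoted SQL string literal.
	// Fields missing from the request are stored as empty strings.
	$f_name = mysql_real_escape_string($_POST['f_name']);
	$l_name = mysql_real_escape_string(isset($_POST['l_name']) ? $_POST['l_name'] : '');
	$email = mysql_real_escape_string(isset($_POST['email']) ? $_POST['email'] : '');
	$address = mysql_real_escape_string(isset($_POST['address']) ? $_POST['address'] : '');

	// Resolve the session's username to a customer id. The username is escaped
	// too: it is stored data, and a value containing a quote would otherwise
	// change the meaning of the query.
	$pid = null;
	if (isset($_SESSION["customer"])) {
		$customer = mysql_real_escape_string($_SESSION["customer"]);
		$sql = mysql_query("SELECT id FROM customers WHERE u_name='$customer'");
		// mysql_query() returns false on failure; only proceed on exactly one match.
		if ($sql !== false && mysql_num_rows($sql) == 1) {
			$row = mysql_fetch_array($sql);
			$pid = mysql_real_escape_string($row["id"]);
		}
	}

	// Update only when the customer was found. Previously an undefined $pid was
	// interpolated into the WHERE clause, and the address column was set to the
	// literal text 'address' instead of the submitted value.
	if ($pid !== null) {
		mysql_query("UPDATE customers SET f_name='$f_name', l_name='$l_name', address='$address', email='$email' WHERE id='$pid'");
	}

	header("location: ../account.php");
	exit();
}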
?>
<?php 
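// Load the logged-in customer's current details for the rest of the page.
//
// The username comes from the session and is escaped before it goes into the
// query, so a stored value containing a quote cannot alter the SQL.
// NOTE(review): mysql_* was removed in PHP 7. Prepared statements (mysqli/PDO)
// are the durable fix, but that depends on how config.php opens the connection.
// NOTE(review): $f_name, $l_name, $address and $email are presumably echoed
// into HTML further down the page. If so, encode them with htmlspecialchars()
// at the point of output.
$customer = isset($_SESSION["customer"]) ? $_SESSION["customer"] : '';
$customer_escaped = mysql_real_escape_string($customer);
$sql = mysql_query("SELECT * FROM customers WHERE u_name='$customer_escaped'");
// mysql_query() returns false on failure; treat that the same as "no such user".
$usercount = ($sql !== false) ? mysql_num_rows($sql) : 0;
if ($usercount == 1) {
	// Exactly one row matched, so a single fetch is enough.
	$row = mysql_fetch_array($sql);
	$pid = $row["id"];
	$f_name = $row["f_name"];
	$l_name = $row["l_name"];
	$address = $row["address"];
	$email = $row["email"];
} else {
	// No session username, no match, or an ambiguous match: stop rendering.
	echo "Sorry, user does not exist.";
	exit();
}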


?>

